Vulnerabilities > Samsung > Syncthru WEB Service > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-03-21 CVE-2019-7421 Cross-site Scripting vulnerability in Samsung Syncthru web Service and X7400Gx Firmware
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.login/gnb/loginView.sws" in multiple parameters: contextpath and basedURL.
network
low complexity
samsung CWE-79
6.1
2019-03-21 CVE-2019-7420 Cross-site Scripting vulnerability in Samsung Syncthru web Service and X7400Gx Firmware
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.application/information/networkinformationView.sws" in the tabName parameter.
network
low complexity
samsung CWE-79
6.1
2019-03-21 CVE-2019-7419 Cross-site Scripting vulnerability in Samsung Syncthru web Service and X7400Gx Firmware
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/leftmenu.sws" in multiple parameters: ruiFw_id, ruiFw_pid, ruiFw_title.
network
low complexity
samsung CWE-79
6.1
2019-03-21 CVE-2019-7418 Cross-site Scripting vulnerability in Samsung Syncthru web Service and X7400Gx Firmware
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc.
network
low complexity
samsung CWE-79
6.1
2018-08-03 CVE-2018-14904 Cross-site Scripting vulnerability in Samsung Syncthru web Service 4.05.61
Samsung Syncthru Web Service V4.05.61 is vulnerable to Multiple unauthenticated XSS attacks on several parameters, as demonstrated by ruiFw_pid.
network
low complexity
samsung CWE-79
6.1